Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Wireless Networking > root CA expired now machine authentication broken (please help)

Reply
Thread Tools

root CA expired now machine authentication broken (please help)

 
 
Chris T.
Guest
Posts: n/a
 
      04-30-2009
Recently the root CA for my domain expired on my Windows 2003 std
certificate authority.



I then right clicked on the CA and clicked "renew CA certificate" with same
key.



Now none of my Wireless clients (all are Windows XP) are able to do machine
authentication.



Even if I hard wire the clients in and restart them so that they renew their
certificates the machine will still not authenticate. Users however, are
able to authenticate to the wireless network just fine.





I have a wireless network setup in a GPO for the whole domain and the
configuration is set like this.



SSID: Dnet

network authentication: WPA

data encryption: TKIP

EAP type: PEAP

authenticate as computer when computer information is available: is checked

and computer authentication is set to: with user re-authentication



under the settings tab I have:



Validate server certificate: checked

connect to these servers: then I list out my ISA servers

do not prompt user to authorize new servers or trusted certification
authorities: checked

select authentication method: secured password EAP-MSCHAP v2

enable fast reconnect: checked





Does anyone have advice on what I should try next?



 
Reply With Quote
 
 
 
 
Bob Lin \(MS-MVP\)
Guest
Posts: n/a
 
      04-30-2009
Assume you use IAS, any errors in the Event Viewer?

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com


"Chris T." <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Recently the root CA for my domain expired on my Windows 2003 std
> certificate authority.
>
>
>
> I then right clicked on the CA and clicked "renew CA certificate" with
> same key.
>
>
>
> Now none of my Wireless clients (all are Windows XP) are able to do
> machine authentication.
>
>
>
> Even if I hard wire the clients in and restart them so that they renew
> their certificates the machine will still not authenticate. Users however,
> are able to authenticate to the wireless network just fine.
>
>
>
>
>
> I have a wireless network setup in a GPO for the whole domain and the
> configuration is set like this.
>
>
>
> SSID: Dnet
>
> network authentication: WPA
>
> data encryption: TKIP
>
> EAP type: PEAP
>
> authenticate as computer when computer information is available: is
> checked
>
> and computer authentication is set to: with user re-authentication
>
>
>
> under the settings tab I have:
>
>
>
> Validate server certificate: checked
>
> connect to these servers: then I list out my ISA servers
>
> do not prompt user to authorize new servers or trusted certification
> authorities: checked
>
> select authentication method: secured password EAP-MSCHAP v2
>
> enable fast reconnect: checked
>
>
>
>
>
> Does anyone have advice on what I should try next?
>
>
>


 
Reply With Quote
 
 
 
 
Chris T.
Guest
Posts: n/a
 
      04-30-2009
Yes I am using IAS

what is strange is that I do not see any failed events in the system log for
IAS for workstation whi-02881



I see this message under Security:

Event ID 680
logon attempt by: microsoft_authentication_package_v1_0
logon account: host/whi-02881.domain.com
source workstation:

error code: 0xc0000064




"Bob Lin (MS-MVP)" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Assume you use IAS, any errors in the Event Viewer?
>
> --
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on
> http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on
> http://www.HowToNetworking.com
>
>
> "Chris T." <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Recently the root CA for my domain expired on my Windows 2003 std
>> certificate authority.
>>
>>
>>
>> I then right clicked on the CA and clicked "renew CA certificate" with
>> same key.
>>
>>
>>
>> Now none of my Wireless clients (all are Windows XP) are able to do
>> machine authentication.
>>
>>
>>
>> Even if I hard wire the clients in and restart them so that they renew
>> their certificates the machine will still not authenticate. Users
>> however, are able to authenticate to the wireless network just fine.
>>
>>
>>
>>
>>
>> I have a wireless network setup in a GPO for the whole domain and the
>> configuration is set like this.
>>
>>
>>
>> SSID: Dnet
>>
>> network authentication: WPA
>>
>> data encryption: TKIP
>>
>> EAP type: PEAP
>>
>> authenticate as computer when computer information is available: is
>> checked
>>
>> and computer authentication is set to: with user re-authentication
>>
>>
>>
>> under the settings tab I have:
>>
>>
>>
>> Validate server certificate: checked
>>
>> connect to these servers: then I list out my ISA servers
>>
>> do not prompt user to authorize new servers or trusted certification
>> authorities: checked
>>
>> select authentication method: secured password EAP-MSCHAP v2
>>
>> enable fast reconnect: checked
>>
>>
>>
>>
>>
>> Does anyone have advice on what I should try next?
>>
>>
>>

>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
OTish: expired root certificates kpg MCSE 6 07-18-2008 08:31 PM
Solution - Verisign expired root CA and "No trusted certificate found" using JSSE Neill Java 2 07-29-2005 09:13 PM
SRT DIvision, Square root and reciprocal square root alghazo@siu.edu VHDL 0 05-27-2004 06:23 AM
Tertiary Conditional: what does this evaluate to ("docRoot == null ? this.root : doc root")? Rick Osborn Java 10 02-08-2004 02:25 AM



Advertisments